CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

RedhatCVE•added 2025/05/22 5:36 p.m.•6 views

CVE-2020-9495

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users...

5.3CVSS7.1AI score0.27485EPSS

Exploits1References1

OSV•added 2022/02/10 11:6 p.m.•23 views

GHSA-V83P-XWM9-V4G8 Injection in Apache Archiva

5.3CVSS5.4AI score0.27485EPSS

Exploits1References7

NVD•added 2020/06/19 7:15 p.m.•10 views

CVE-2020-9495

5.3CVSS0.27485EPSS

Exploits1References6

Prion•added 2020/06/19 7:15 p.m.•18 views

Code injection

5CVSS5.5AI score0.27485EPSS

Exploits1References6Affected Software1

Tenable Nessus•added 2018/01/15 12:0 a.m.•31 views

FreeBSD : shibboleth-sp -- vulnerable to forged user attribute data (3dbe9492-f7b8-11e7-a12d-6cc21735f730)

Shibboleth consortium reports : Shibboleth SP software vulnerable to forged user attribute data The Service Provider software relies on a generic XML parser to process SAML responses and there are limitations in older versions of the parser that make it impossible to fully disable Document Type...

6.5CVSS6.4AI score0.00779EPSS

Exploits2References3

Prion•added 2018/01/13 6:29 p.m.•14 views

Information disclosure

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD...

6.4CVSS6.1AI score0.00779EPSS

Exploits2References5Affected Software2